 /**
  * PHP4-style constructor: stores the username directly and hands every
  * other attribute to a setter.
  *
  * NOTE(review): the setter calls below are bare function calls, not
  * `$this->setPassword(...)` etc. As written they resolve to *global*
  * functions; if setPassword()/setEmail()/... are this class's own setters
  * (which their names suggest), nothing but username is ever stored on the
  * instance. Confirm against the class body, which is not visible here.
  *
  * The username is assigned without any validation; whether the password is
  * hashed depends entirely on setPassword().
  *
  * @param mixed  $username    stored on the instance as-is
  * @param mixed  $password    passed to setPassword() unchanged
  * @param string $email       optional, passed to setEmail()
  * @param string $firstname   optional, passed to setFirstname()
  * @param string $lastname    optional, passed to setLastname()
  * @param string $webpage     optional, passed to setWebpage()
  * @param string $birthdate   optional, passed to setBirthdate()
  * @param string $description optional, passed to setDescription()
  */
 function User($username, $password, $email = "", $firstname = "", $lastname = "", $webpage = "", $birthdate = "", $description = "")
 {
     $this->username = $username;
     setPassword($password);
     setEmail($email);
     setFirstname($firstname);
     setLastname($lastname);
     setWebpage($webpage);
     setBirthdate($birthdate);
     setDescription($description);
 }
        return false;
    }
}
// ============================================================================
// Main before POST
// ============================================================================
// ============================================================================
// POST Method
// ============================================================================
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Non-admins (editors) may only act on their own account: pin the target
    // username to the session identity and drop any attempted role change.
    $actingAsAdmin = ($Login->role() === 'admin');
    if (!$actingAsAdmin) {
        $_POST['username'] = $Login->username();
        unset($_POST['role']);
    }
    // The raw POST values go to setPassword(), which presumably enforces the
    // new/confirm match and any password policy; on success the browser is
    // sent back to the users list.
    // NOTE(review): no CSRF token check is visible in this block — confirm the
    // framework validates one before this point.
    $passwordChanged = setPassword(
        $_POST['username'],
        $_POST['new_password'],
        $_POST['confirm_password']
    );
    if ($passwordChanged) {
        Redirect::page('admin', 'users');
    }
}
// ============================================================================
// Main after POST
// ============================================================================
// Same restriction for the view: editors only ever see their own record.
if ($Login->role() !== 'admin') {
    $layout['parameters'] = $Login->username();
}
$_user = $dbUsers->getDb($layout['parameters']);
// Unknown user: back to the users list (Redirect::page presumably ends the request).
if ($_user === false) {
    Redirect::page('admin', 'users');
}
$_user['username'] = $layout['parameters'];
<?php

// Account-page dispatcher. Each branch renders or acts and then exits, so the
// order of the checks is the priority order when several parameters are set.
// NOTE(review): no CSRF token is checked in any of the state-changing
// branches below (setPassword(), updateUser()), and no authentication check
// is visible in this block — confirm both happen earlier in the file.
if (isset($_POST['action']) && $_POST['action'] == 'My Account') {
    $projects = getUserProjects($_SESSION['id']);
    include 'myAccount.html.php';
    exit;
}
if (isset($_GET['setPassword'])) {
    include 'setPassword.html.php';
    exit;
}
// Triggered by the presence of a query-string flag; setPassword() takes no
// arguments here, so it presumably reads the submitted fields itself.
if (isset($_GET['setPasswordForm'])) {
    setPassword();
    header('Location: .');
    exit;
}
if (isset($_POST['action']) && $_POST['action'] == 'Edit My Info') {
    include 'editUserForm.html.php';
    exit;
}
if (isset($_GET['updateUser'])) {
    updateUser();
    // The session copy is refreshed straight from the raw POST fields (no
    // validation or normalisation here); anything rendering these session
    // values must escape them for its output context.
    $_SESSION['firstName'] = $_POST['firstName'];
    $_SESSION['lastName'] = $_POST['lastName'];
    $_SESSION['email'] = $_POST['email'];
    $_SESSION['phone'] = $_POST['phone'];
    header('Location: .');
    exit;
}
}
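// response to create pad form
if (isset($_POST['createPadinGroup'])) {
    if (isset($_POST['start_sitzung'])) {
        // "Sitzung" (meeting) pads get a date-based name and a numeric password
        // that is written into the pad text so attendees can find it.
        // NOTE(review): mt_rand() is not a CSPRNG and five digits is only ~90k
        // possibilities; if this password is meant to keep outsiders out, use
        // random_int()/random_bytes() and a longer value.
        $padname = 'Sitzung' . date('Ymd');
        $passwd = mt_rand(10000, 99999);
    } else {
        // User-chosen name: untrusted input that is echoed into HTML and a URL below.
        $padname = $_POST['pad_name'];
        // Not used on this path within this block (setText() only runs for start_sitzung).
        $starttext = "Willkommen im wesentlichen Etherpad auf D120.de!\r\n\r\n";
    }
    // The infobox cookie carries raw HTML that is rendered on the next page,
    // so the pad name is escaped once for that HTML body and once for the
    // query string of the "open" link. $padname itself stays unescaped for
    // the Etherpad API, the DB row and the pad text.
    $padnameHtml = htmlspecialchars((string) $padname, ENT_QUOTES, 'UTF-8');
    $padnameUrl = urlencode((string) $padname);
    try {
        $instance->createGroupPad($groupmap[$group], $padname, '');
        $padid = $groupmap[$group] . '$' . $padname;
        $db->prepare('INSERT INTO padman_pad_cache (group_mapper, group_id, pad_name, last_edited) VALUES (?,?,?,NOW())')->execute(array($group, $groupmap[$group], $padname));
        if (isset($_POST['start_sitzung'])) {
            update_pad($padid, array("shortlink" => 'si' . date('md')));
            $instance->setPublicStatus($padid, true);
            setPassword($padid, $passwd);
            $starttext = file_get_contents('template-sitzung.txt');
            $starttext = str_replace("{{heute}}", date("d.m.Y"), $starttext);
            // The password is deliberately written into the pad text itself.
            $starttext = "Kurzlink zum Pad: " . SHORTLNK_PREFIX . 'si' . date('md') . "\nPasswort: {$passwd}\n\n" . $starttext;
            $instance->setText($padid, $starttext);
        }
        setcookie("infobox", "<div class='alert alert-success'><button type='button' class='close' onclick='location=location.href'><span aria-hidden='true'>&times;</span><span class='sr-only'>Close</span></button>\n      <h4><i class='glyphicon glyphicon-ok-circle'></i> Pad " . $padnameHtml . " erfolgreich angelegt!</h4>" . '<p><a href="' . SELF_URL . '?group=' . $group . '&show=' . $padnameUrl . '" class="btn btn-success btn-lg">Jetzt öffnen</a></p>
      </div>');
    } catch (Exception $e) {
        // The exception text can echo the user-controlled pad name back, so it
        // is escaped for the HTML context as well.
        setcookie("infobox", "<div class='alert alert-danger'><button type='button' class='close' onclick='location=location.href'><span aria-hidden='true'>&times;</span><span class='sr-only'>Close</span></button>\n      <h4><i class='glyphicon glyphicon-warning-sign'></i> Neues Pad konnte nicht erstellt werden.</h4>\n      <p>" . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . "</p></div>\n");
    }
    // NOTE(review): there is no exit after the redirect, so the rest of the page
    // still executes for this request. $group is interpolated into the link
    // unescaped; it is used as a $groupmap key above, so it is presumably
    // validated earlier — confirm.
    header("HTTP/1.1 303 See other");
    header("Location: " . SELF_URL . $group);
}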
$loq->template_dir = LOQ_APP_ROOT . 'includes/admin_templates';
$loq->assign('sidemsg', 'Loquacity Password Recovery');
// Whatever was posted overwrites the session copy unconditionally (null when
// the field is absent), so a stale username/answer from an earlier request
// does not survive this one.
$_SESSION['username'] = $_POST['username'];
$_SESSION['answer'] = $_POST['answer'];
// if a username in the post is entered, and that username exists in the database,
// NOTE(review): loose `==` against checkUsername(), whose return type is not
// visible here — if it can return a non-string (0/false/null), PHP's loose
// comparison rules apply. No rate limiting or lockout is visible on either
// the username lookup or the secret-answer check below, so both are open to
// online guessing; the lookup also reveals whether a username exists.
if (isset($_SESSION['username']) && $_SESSION['username'] == checkUsername($_SESSION['username'])) {
    // get the secret question for the user
    $secQuestion = $myPasswdMgr->getQuestion($_SESSION['username']);
    $loq->assign('question', $secQuestion);
    $_SESSION['answer'] = $_POST['answer'];
    $template = 'askquestion.html';
    // Now check if we have an answer or not, and compare them.
    // psudo: if (checkAnswers(pw1,pw2)  where pw1 = getAnswer(username)
    if ($myPasswdMgr->checkAnswers($myPasswdMgr->getAnswer($_SESSION['username']), $_SESSION['answer'])) {
        // success! reset password and send the email.
        // NOTE(review): the local setPassword() wrapper defined further down is
        // handed the secret *answer* as its second argument; from its leading
        // comment it appears to generate a random password instead — confirm
        // the answer is never stored as the password. $user, $email and
        // $passwd are not assigned anywhere in this block; confirm they are
        // set earlier in the file, otherwise sendEmail() receives nulls.
        setPassword($_SESSION['username'], $_SESSION['answer']);
        sendEmail($user, $email, $passwd);
        $template = 'status.html';
    } else {
        $loq->assign('title', 'Please answer your question');
        $template = 'askquestion.html';
    }
} else {
    $loq->assign('title', 'Please enter your Loquacity username');
    $template = 'getusername.html';
}
function setPassword($user, $passwd)
{
    global $myPasswdMgr;
    /** 
     * I could have just said passwordManager::setPassword($user, stringHandler::toSHA1(passwordManager::randomWord(5))); 
/**
 * Builds the "admin" settings tab and handles the POST actions submitted from it.
 *
 * Action handling first (each branch is expected to end the request via
 * exit or ajax_return()): backup download, admin parameter update, root/user
 * login credential change, secondary-user deletion, and the chmod value used
 * for new files. Afterwards the form rows are assembled (gated per row on
 * ROOT or on the per-user "admin" allow-list) and rendered through
 * contend_template().
 *
 * NOTE(review): the root credential branch is gated on ROOT, but the
 * secondary "user" credential branch is not — whoever can reach admin() can
 * rename and re-password that account. Confirm this is the intended model.
 * No CSRF token is visible on the backup form built here or in the POST
 * handling; confirm the framework validates one before admin() is called.
 *
 * @return string rendered tab content
 */
function admin()
{
    global $ADMIN_CONF;
    global $loginpassword;
    global $specialchars;
    // Backup download (needs zlib). send_backup_zip() presumably streams the
    // archive and ends the request — not visible here.
    if (function_exists('gzopen') and getRequestValue('get_backup', 'post') == "true") {
        send_backup_zip();
    }
    if (getRequestValue('chanceadmin', 'post') == "true") {
        echo set_admin_para();
        exit;
    } elseif (getRequestValue('newpw', 'post') or getRequestValue('newname', 'post') or getRequestValue('newpwrepeat', 'post') or getRequestValue('newuserpw', 'post') or getRequestValue('newusername', 'post') or getRequestValue('newuserpwrepeat', 'post')) {
        // Credential change. The raw POST values go straight to setPassword(),
        // which is responsible for the repeat-match check and any policy.
        if (false !== ($newname = getRequestValue('newname', 'post', false)) and false !== ($newpw = getRequestValue('newpw', 'post', false)) and false !== ($newpwrepeat = getRequestValue('newpwrepeat', 'post', false)) and $newname != "" and $newpw != "" and $newpwrepeat != "") {
            // Root login: ROOT only.
            if (ROOT) {
                echo setPassword($newname, $newpw, $newpwrepeat, "root");
                exit;
            } else {
                ajax_return("error", true, returnMessage(false, getLanguageValue("error_no_root")), true, true);
            }
        } elseif (false !== ($newusername = getRequestValue('newusername', 'post', false)) and false !== ($newuserpw = getRequestValue('newuserpw', 'post', false)) and false !== ($newuserpwrepeat = getRequestValue('newuserpwrepeat', 'post', false)) and $newusername != "" and $newuserpw != "" and $newuserpwrepeat != "") {
            // Secondary user login: NOTE(review) not gated on ROOT (see docblock).
            echo setPassword($newusername, $newuserpw, $newuserpwrepeat, "user");
            exit;
        } else {
            ajax_return("error", true, returnMessage(false, getLanguageValue("pw_error_missingvalues")), true, true);
        }
    } elseif (getRequestValue('deluser', 'post') == "true") {
        // Root only: "delete" the secondary user by blanking its name and password.
        if (ROOT) {
            $user = $loginpassword->get("username");
            $loginpassword->set("username", "");
            $loginpassword->set("userpw", "");
            ajax_return("success", true, returnMessage(true, '<b>' . $user . '</b> ' . getLanguageValue("admin_messages_del_user")), true, true);
        } else {
            ajax_return("error", true, returnMessage(false, getLanguageValue("error_no_root")), true, true);
        }
    } elseif (USE_CHMOD and getRequestValue('chmodupdate', 'post') == "true" and false !== ($chmodnewfilesatts = getRequestValue('chmodnewfilesatts', 'post')) and $chmodnewfilesatts != "") {
        // The mode must be exactly three octal digits.
        // NOTE(review): this assumes ajax_return() ends the request; if it only
        // returns, an invalid value would still be stored just below.
        if (!preg_match("/^[0-7]{3}\$/", $chmodnewfilesatts)) {
            ajax_return("error", true, returnMessage(false, getLanguageValue("admin_error_chmodnewfilesatts")), true, true);
        }
        if ($ADMIN_CONF->get('chmodnewfilesatts') != $chmodnewfilesatts) {
            $ADMIN_CONF->set('chmodnewfilesatts', $chmodnewfilesatts);
        }
        if (true !== ($error = setUserFilesChmod())) {
            ajax_return("error", true, $error, true, true);
        }
        ajax_return("success", true, returnMessage(false, getLanguageValue("admin_messages_chmod")), true, true);
    }
    $pagecontent = "";
    $template = array();
    $error = array();
    // Per-row visibility for non-root users comes from the "admin" config list.
    $show = $ADMIN_CONF->get("admin");
    if (!is_array($show)) {
        $show = array();
    }
    $titel = "admin_button";
    if (ROOT or in_array("language", $show)) {
        $count = 0;
        if (isset($template[$titel])) {
            $count = count($template[$titel]);
        }
        // Row "LANGUAGE SELECTION"
        $language_array = getDirAsArray(BASE_DIR_ADMIN . 'sprachen', "file", "natcasesort");
        if (count($language_array) <= 0) {
            $error[$titel][$count] = getLanguageValue("admin_error_language_empty");
        } elseif (!in_array("language_" . $ADMIN_CONF->get('language') . ".txt", $language_array)) {
            $error[$titel][$count] = getLanguageValue("admin_error_languagefile_error") . "<br />" . ADMIN_DIR_NAME . "/sprachen/language_" . $ADMIN_CONF->get('language') . ".txt";
        } else {
            $error[$titel][$count] = false;
        }
        $admin_inhalt = '<div class="mo-select-div"><select name="language" class="mo-select js-language">';
        foreach ($language_array as $element) {
            if (substr($element, 0, 9) == "language_") {
                $selected = NULL;
                // Pull the "_translator" value out of each language file; the
                // file format is "key=value" lines, "#" comments and blanks.
                $tmp_array = file(BASE_DIR_ADMIN . "sprachen/" . $element);
                $currentlanguage = NULL;
                foreach ($tmp_array as $line) {
                    if (preg_match("/^#/", $line) || preg_match("/^\\s*\$/", $line)) {
                        continue;
                    }
                    if (preg_match("/^([^=]*)=(.*)/", $line, $matches)) {
                        if (trim($matches[1]) == "_translator") {
                            $currentlanguage = trim($matches[2]);
                            break;
                        }
                    }
                }
                // Language code is the 4 characters after "language_".
                if (substr($element, 9, 4) == $ADMIN_CONF->get("language")) {
                    $selected = "selected ";
                }
                // $currentlanguage (from the language file on disk) is inserted unescaped.
                $admin_inhalt .= "<option " . $selected . "value=\"" . substr($element, 9, 4) . "\">" . substr($element, 9, 4) . " (" . getLanguageValue("admin_input_translator") . " " . $currentlanguage . ")</option>";
            }
        }
        $admin_inhalt .= "</select></div>";
        $template[$titel][] = array(getLanguageValue("admin_input_language"), $admin_inhalt);
    }
    // Row "ADMIN-MAIL"
    if (ROOT or in_array("adminmail", $show)) {
        if (function_exists("isMailAvailable")) {
            $template[$titel][] = array(getLanguageValue("admin_text_adminmail"), '<input type="text" class="mo-input-text" name="adminmail" value="' . $specialchars->rebuildSpecialChars($ADMIN_CONF->get("adminmail"), true, true) . '" />');
        }
    }
    // Row "BACKUP REMINDER"
    // NOTE(review): unlike adminmail/noupload, this config value is placed in a
    // value="" attribute without rebuildSpecialChars(); same for the chmod,
    // name and username inputs further down. All are config-sourced, so
    // exploiting it needs write access to the config already, but it is
    // inconsistent.
    if (ROOT or in_array("backupmsgintervall", $show)) {
        $template[$titel][] = array(getLanguageValue("admin_text_backup"), '<input type="text" class="mo-input-digit js-in-digit" name="backupmsgintervall" value="' . $ADMIN_CONF->get("backupmsgintervall") . '" />');
    }
    // Row "Backup"
    if (ROOT or in_array("getbackup", $show)) {
        if (function_exists('gzopen')) {
            $cms_size = dirsize(BASE_DIR_ADMIN) + dirsize(BASE_DIR_CMS);
            if (false !== ($tmp_size = dirsize(BASE_DIR . "jquery/"))) {
                $cms_size += $tmp_size;
            }
            $cms_input = buildCheckBox("backup_include_cms", "true", getLanguageValue("admin_button_include_cms") . " (<span class=\"js-file-size\">" . convertFileSizeUnit($cms_size) . "</span>)") . '<br />';
            $catpage_input = "";
            if (false !== ($tmp_size = dirsize(CONTENT_DIR_REL))) {
                $catpage_input = buildCheckBox("backup_include_catpage", "false", getLanguageValue("admin_button_include_catpage") . "  (<span class=\"js-file-size\">" . convertFileSizeUnit($tmp_size) . "</span>)") . '<br />';
            }
            $gallery_input = "";
            if (false !== ($tmp_size = dirsize(GALLERIES_DIR_REL))) {
                $gallery_input = buildCheckBox("backup_include_gallery", "false", getLanguageValue("admin_button_include_gallery") . "  (<span class=\"js-file-size\">" . convertFileSizeUnit($tmp_size) . "</span>)") . '<br />';
            }
            $layouts_input = "";
            if (false !== ($tmp_size = dirsize(BASE_DIR . LAYOUT_DIR_NAME))) {
                $layouts_input = buildCheckBox("backup_include_layouts", "false", getLanguageValue("admin_button_include_layouts") . "  (<span class=\"js-file-size\">" . convertFileSizeUnit($tmp_size) . "</span>)") . '<br />';
            }
            $plugins_input = "";
            if (false !== ($tmp_size = dirsize(BASE_DIR . PLUGIN_DIR_NAME))) {
                $plugins_input = buildCheckBox("backup_include_plugins", "false", getLanguageValue("admin_button_include_plugins") . "  (<span class=\"js-file-size\">" . convertFileSizeUnit($tmp_size) . "</span>)") . '<br />';
            }
            $docu_input = "";
            if (false !== ($tmp_size = dirsize(BASE_DIR . "docu/"))) {
                $docu_input = buildCheckBox("backup_include_docu", "false", getLanguageValue("admin_button_include_docu") . "  (<span class=\"js-file-size\">" . convertFileSizeUnit($tmp_size) . "</span>)") . '<br />';
            }
            // The backup form carries no CSRF token of its own (see docblock).
            $template[$titel][] = array(getLanguageValue("admin_text_get_backup"), '<form action="index.php?action=' . ACTION . '" method="post">' . '<input type="hidden" name="get_backup" value="true" />' . $cms_input . $catpage_input . $gallery_input . $layouts_input . $plugins_input . $docu_input . '<div style="font-size:.4em;">&nbsp;</div>' . '<input type="submit" name="admin_button_get_backup" value="' . getLanguageValue("admin_button_get_backup") . '" />' . '<span class="js-file-size-summe mo-padding-left">' . convertFileSizeUnit($cms_size) . '</span>' . '</form>');
        }
    }
    // Row "SET FILE PERMISSIONS FOR NEW FILES"
    if (ROOT or in_array("chmodnewfilesatts", $show)) {
        if (USE_CHMOD) {
            $template[$titel][] = array(getLanguageValue("admin_text_chmodnewfiles"), '<input type="text" class="mo-input-digit js-in-chmod" size="4" maxlength="3" name="chmodnewfilesatts" value="' . $ADMIN_CONF->get("chmodnewfilesatts") . '" /><br /><br />' . '<input type="button" name="chmodupdate" value="' . getLanguageValue("admin_input_chmodupdate") . '" />');
        }
    }
    // Row "UPLOAD-FILTER"
    if (ROOT or in_array("noupload", $show)) {
        $template[$titel][] = array(getLanguageValue("admin_text_uploadfilter"), '<input type="text" class="mo-input-text" name="noupload" value="' . $specialchars->rebuildSpecialChars($ADMIN_CONF->get("noupload"), true, true) . '" />');
    }
    global $loginpassword;
    // Root login form (root only). Password inputs are rendered empty — the
    // stored password is never echoed back.
    if (ROOT) {
        $template[$titel][] = getLanguageValue("pw_text_login") . '<br /><br />' . getLanguageValue("pw_help") . '<table width="100%" cellspacing="0" border="0" cellpadding="0" class="">' . '<tr><td>&nbsp;</td><td class="mo-in-li-r">' . getLanguageValue("pw_titel_newname") . '</td><td class="mo-in-li-r">' . '<input type="text" class="js-in-pwroot mo-input-text" name="newname" value="' . $loginpassword->get("name") . '" />' . '</td></tr>' . '<tr><td>&nbsp;</td><td>' . getLanguageValue("pw_titel_newpw") . '</td><td>' . '<input type="password" class="js-in-pwroot mo-input-text" value="' . NULL . '" name="newpw" />' . '</td></tr>' . '<tr><td>&nbsp;</td><td>' . getLanguageValue("pw_titel_newpwrepeat") . '</td><td>' . '<input type="password" class="js-in-pwroot mo-input-text" value="" name="newpwrepeat" />' . '</td></tr>' . "</table>";
    }
    // Secondary user login form; the delete button and the per-user
    // allow-list editor are only added for root.
    if (ROOT or in_array("userpassword", $show)) {
        $deluser = NULL;
        $user_allowed_settings = NULL;
        if (ROOT) {
            // NOTE(review): the leading '******' literal looks like a masked/
            // redacted value in this copy of the source — confirm against the
            // original file.
            $deluser = '******' . '<input type="button" name="deluser" value="' . getLanguageValue("admin_button_del_user") . '" />' . '<div style="font-size:.4em;">&nbsp;</div>' . '</td></tr>';
            $user_allowed_settings = '<br />' . '<div class="ui-helper-clearfix">' . '<div class="mo-in-li-l">' . getLanguageValue("admin_noroot_text") . '</div>' . '<div class="mo-in-li-r">' . userSettings("tabs") . '<div style="font-size:.4em;">&nbsp;</div>' . userSettings("config") . '<div style="font-size:.4em;">&nbsp;</div>' . userSettings("admin") . '<div style="font-size:.4em;">&nbsp;</div>' . userSettings("plugins") . '<div style="font-size:.4em;">&nbsp;</div>' . userSettings("template") . '</div>' . '</div>';
        }
        $template[$titel][] = getLanguageValue("userpw_text_login") . '<br /><br />' . getLanguageValue("pw_help") . '<table width="100%" cellspacing="0" border="0" cellpadding="0" class="">' . $deluser . '<tr><td>&nbsp;</td><td class="mo-in-li-r">' . getLanguageValue("userpw_titel_newname") . '</td><td class="mo-in-li-r">' . '<input type="text" class="js-in-pwuser mo-input-text" name="newusername" value="' . $loginpassword->get("username") . '" />' . '</td></tr>' . '<tr><td>&nbsp;</td><td>' . getLanguageValue("userpw_titel_newpw") . '</td><td>' . '<input type="password" class="js-in-pwuser mo-input-text" value="' . NULL . '" name="newuserpw" />' . '</td></tr>' . '<tr><td>&nbsp;</td><td>' . getLanguageValue("userpw_titel_newpwrepeat") . '</td><td>' . '<input type="password" class="js-in-pwuser mo-input-text" value="" name="newuserpwrepeat" />' . '</td></tr>' . "</table>" . $user_allowed_settings;
    }
    $pagecontent .= contend_template($template, $error);
    return $pagecontent;
}
/**
 * Send password
 *
 * Looks up the admin row whose `uniqkey` matches, replaces its password with
 * a freshly generated one, clears the key so it cannot be replayed, and mails
 * the new password to the address stored on the row.
 *
 * NOTE(review): the key's age (`uniqkey_time`) is not checked here — confirm
 * the caller validates it before this runs. The generated password is sent in
 * clear text by design of this flow.
 *
 * @param string $uniqueKey lost-password key from the reset link
 * @return bool TRUE when a row matched and the mail was handed to mail(),
 *              FALSE when no row matched
 */
function sendPassword($uniqueKey)
{
    /** @var $cfg iMSCP_Config_Handler_File */
    $cfg = iMSCP_Registry::get('config');
    $stmt = exec_query(
        'SELECT `admin_name`, `created_by`, `fname`, `lname`, `email` FROM `admin` WHERE `uniqkey` = ?',
        $uniqueKey
    );
    if (!$stmt->rowCount()) {
        return false;
    }
    $row = $stmt->fields;
    $userPassword = passgen();
    setPassword($uniqueKey, $userPassword);
    // NOTE(review): the next line is not valid PHP as shown ('…'******'…');
    // the upstream presumably concatenates the admin name here — confirm
    // against the original file.
    write_log('Lostpassword: '******': password updated', E_USER_NOTICE);
    // Invalidate the key now that it has been consumed.
    exec_query('UPDATE `admin` SET `uniqkey` = ?, `uniqkey_time` = ? WHERE `uniqkey` = ?', array('', '', $uniqueKey));
    // The mail template belongs to the creator; rows without one use account 1.
    $templateOwner = $row['created_by'];
    if ($templateOwner == 0) {
        $templateOwner = 1;
    }
    $data = get_lostpassword_password_email($templateOwner);
    // Port suffix is omitted when it is the scheme's default.
    $vhostPrefix = $cfg['BASE_SERVER_VHOST_PREFIX'];
    if ($vhostPrefix == 'http://') {
        $vhostPort = $cfg['BASE_SERVER_VHOST_HTTP_PORT'] == '80' ? '' : ':' . $cfg['BASE_SERVER_VHOST_HTTP_PORT'];
    } else {
        $vhostPort = $cfg['BASE_SERVER_VHOST_HTTPS_PORT'] == '443' ? '' : ':' . $cfg['BASE_SERVER_VHOST_HTTPS_PORT'];
    }
    $from = $data['sender_name']
        ? '"' . $data['sender_name'] . '" <' . $data['sender_email'] . '>'
        : $data['sender_email'];
    // Substitutions are applied in this order, sequentially (str_replace semantics).
    $placeholders = array(
        '{USERNAME}' => $row['admin_name'],
        '{NAME}' => $row['fname'] . " " . $row['lname'],
        '{PASSWORD}' => $userPassword,
        '{BASE_SERVER_VHOST_PREFIX}' => $vhostPrefix,
        '{BASE_SERVER_VHOST}' => $cfg['BASE_SERVER_VHOST'],
        '{BASE_SERVER_VHOST_PORT}' => $vhostPort,
    );
    $subject = str_replace(array_keys($placeholders), array_values($placeholders), $data['subject']);
    $message = str_replace(array_keys($placeholders), array_values($placeholders), $data['message']);
    $headers = 'From: ' . $from . "\n"
        . "MIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8\n"
        . "Content-Transfer-Encoding: 7bit\n"
        . 'X-Mailer: i-MSCP mailer';
    $to = $row['email'];
    $mailStatus = mail($to, $subject, $message, $headers) ? 'OK' : 'NOT OK';
    $from = tohtml($from);
    write_log("Lostpassword activated: To: |{$to}|, From: |{$from}|, Status: |{$mailStatus}| !", E_USER_NOTICE);
    return true;
}
// ============================================================================
// ============================================================================
// POST Method
// ============================================================================
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Editors are confined to their own account: force the target username
    // to the logged-in user and strip any role escalation attempt.
    if ($Login->role() !== 'admin') {
        $_POST['username'] = $Login->username();
        unset($_POST['role']);
    }
    // First matching submit button wins; the order below is significant.
    // NOTE(review): no CSRF token check is visible here — confirm the
    // framework validates one before this point.
    switch (true) {
        case isset($_POST['delete-user-all']):
            deleteUser($_POST, true);
            break;
        case isset($_POST['delete-user-associate']):
            deleteUser($_POST, false);
            break;
        case isset($_POST['change-password']):
            setPassword($_POST);
            break;
        case isset($_POST['edit-user']):
            editUser($_POST);
            break;
    }
}
// ============================================================================
// Main after POST
// ============================================================================
// Same restriction for the view: editors only ever see their own record.
if ($Login->role() !== 'admin') {
    $layout['parameters'] = $Login->username();
}
$_user = $dbUsers->getDb($layout['parameters']);
// Unknown user: back to the users list (Redirect::page presumably ends the request).
if ($_user === false) {
    Redirect::page('admin', 'users');
}
    die(json_encode(array("status" => "ok")));
}
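// response to create pad form
if (isset($_POST['createPadinGroup'])) {
    if (isset($_POST['start_sitzung'])) {
        // "Sitzung" (meeting) pads get a date-based name and a numeric password
        // that is written into the pad text so attendees can find it.
        // NOTE(review): mt_rand() is not a CSPRNG and five digits is only ~90k
        // possibilities; if this password is meant to keep outsiders out, use
        // random_int()/random_bytes() and a longer value.
        $padname = 'Sitzung' . date('Ymd');
        $passwd = mt_rand(10000, 99999);
    } else {
        // User-chosen name: untrusted input that is echoed into HTML and a URL below.
        $padname = $_POST['pad_name'];
        // Not used on this path within this block (setText() only runs for start_sitzung).
        $starttext = "Willkommen im wesentlichen Etherpad auf D120.de!\r\n\r\n";
    }
    // The infobox cookie carries raw HTML that is rendered on the next page,
    // so the pad name is escaped once for that HTML body and once for the
    // query string of the "open" link. $padname itself stays unescaped for
    // the Etherpad API, the shortlink store and the pad text.
    $padnameHtml = htmlspecialchars((string) $padname, ENT_QUOTES, 'UTF-8');
    $padnameUrl = urlencode((string) $padname);
    try {
        $instance->createGroupPad($groupmap[$group], $padname, '');
        $padid = $groupmap[$group] . '$' . $padname;
        if (isset($_POST['start_sitzung'])) {
            $sldb->store($padid, 'si' . date('md'));
            $instance->setPublicStatus($padid, true);
            setPassword($padid, $passwd);
            $starttext = file_get_contents('template-sitzung.txt');
            $starttext = str_replace("{{heute}}", date("d.m.Y"), $starttext);
            // The password is deliberately written into the pad text itself.
            $starttext = "Kurzlink zum Pad: " . SHORTLNK_PREFIX . 'si' . date('md') . "\nPasswort: {$passwd}\n\n" . $starttext;
            $instance->setText($padid, $starttext);
        }
        setcookie("infobox", "<div class='alert alert-success'><button type='button' class='close' onclick='location=location.href'><span aria-hidden='true'>&times;</span><span class='sr-only'>Close</span></button>\n      <h4><i class='glyphicon glyphicon-ok-circle'></i> Pad " . $padnameHtml . " erfolgreich angelegt!</h4>" . '<p><a href="' . SELF_URL . '?group=' . $group . '&show=' . $padnameUrl . '" class="btn btn-success btn-lg">Jetzt öffnen</a></p>
      </div>');
    } catch (Exception $e) {
        // The exception text can echo the user-controlled pad name back, so it
        // is escaped for the HTML context as well.
        setcookie("infobox", "<div class='alert alert-danger'><button type='button' class='close' onclick='location=location.href'><span aria-hidden='true'>&times;</span><span class='sr-only'>Close</span></button>\n      <h4><i class='glyphicon glyphicon-warning-sign'></i> Neues Pad konnte nicht erstellt werden.</h4>\n      <p>" . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . "</p></div>\n");
    }
    // NOTE(review): there is no exit after the redirect, so the rest of the page
    // still executes for this request. $group is interpolated into the link
    // unescaped; it is used as a $groupmap key above, so it is presumably
    // validated earlier — confirm.
    header("HTTP/1.1 303 See other");
    header("Location: " . SELF_URL . $group);
}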
            setError('Fehler beim speichern des Nachnamen!');
        }
    }
    header("location: {$SETTINGS['url']}/settings");
    exit;
}
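// Password change for the logged-in user ($_SESSION['userid']). Only a
// minimum length (after trim) and the confirmation match are enforced here;
// whether the value is hashed is up to setPassword().
// NOTE(review): the current password is not re-verified and no CSRF token is
// checked in this block — confirm both happen in the caller.
if (isset($_POST['password']) && isset($_POST['password2'])) {
    $password = $_POST['password'];
    $password2 = $_POST['password2'];
    if (strlen(trim($password)) < 5) {
        setError('Passwort zu kurz!');
    } elseif ($password !== $password2) {
        // Strict comparison: with `!=` two numeric-looking strings such as
        // "10" and "1e1" compare as equal, so a mistyped confirmation of a
        // numeric password would be accepted and the first value saved.
        setError('Du hast das Passwort nicht richtig wiederholt!');
    } elseif (setPassword($_SESSION['userid'], $password)) {
        setInfo('Passwort gespeichert!');
    } else {
        setError('Fehler beim speichern des Passwortes!');
    }
    header("location: {$SETTINGS['url']}/settings");
    exit;
}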
$TITLE = 'Einstellungen';
$CONTENT = <<<EOT
<h2>Einstellungen</h2>

<div class="settingsbox">
\t<form method="post" action="{$SETTINGS['path']}/settings">
}
//prevent missing language file
// NOTE(review): `lang`, `en`, `cmdlog`, `id_correo_electronico`, `pass`,
// `ssuser_id`, `ssuser_nivel` and `ssuser_nombre` below are bare (unquoted)
// array keys. PHP < 8 treats an undefined constant as its own name with a
// notice; PHP 8 throws an Error. Quote them.
// The include path is built from session data constrained by the (non-strict)
// in_array() check, falling back to the English file otherwise.
if (in_array($_SESSION[$_SESSION["CFGURL"]][lang], $idiomas_disponibles)) {
    require_once T3_ABSPATH . 'common/lang/' . $_SESSION[$_SESSION["CFGURL"]][lang][1];
} else {
    require_once T3_ABSPATH . 'common/lang/' . $idiomas_disponibles[en][1];
}
// NOTE(review): this "token" is derived only from today's date, so anyone can
// compute it. No authentication check is visible before this branch; it is
// reached through a GET parameter and unsets the whole session namespace
// (logging the visitor out), which also makes the URL usable as a CSRF
// logout link. There is no exit after the redirect, so the rest of the page
// keeps executing.
if ($_GET[cmdlog] == substr(md5(date("Ymd")), "5", "10")) {
    //Save statistics
    $stats = doLastModified();
    unset($_SESSION[$_SESSION["CFGURL"]]);
    header("Location:index.php");
}
// Login: look the user up by e-mail, lazily upgrade a legacy un-hashed
// password, then verify the posted password.
if ($_POST[id_correo_electronico]) {
    $chk_user = '';
    $chk_user = ARRAYcheckLogin($_POST[id_correo_electronico]);
    if ($chk_user["user_id"]) {
        //if the hash not hashed because the admin of tematres change the CFG_HASH_PASS config in db.tematres.php
        // A stored value shorter than 34 bytes is taken to be un-hashed and is
        // re-stored through setPassword() with the configured hash, then re-read.
        if (strlen($chk_user["pass"]) < 34 && CFG_HASH_PASS) {
            setPassword($chk_user["user_id"], $chk_user[pass], CFG_HASH_PASS);
            $chk_user = ARRAYcheckLogin($_POST[id_correo_electronico]);
        }
        if (check_password($_POST["id_password"], $chk_user["pass"])) {
            // NOTE(review): no session_regenerate_id() before the session is
            // populated (session fixation), no exit after the redirect, and no
            // failure delay or lockout visible for wrong passwords.
            $_SESSION[$_SESSION["CFGURL"]][ssuser_id] = $chk_user["user_id"];
            $_SESSION[$_SESSION["CFGURL"]][ssuser_nivel] = $chk_user["nivel"];
            $_SESSION[$_SESSION["CFGURL"]][ssuser_nombre] = $chk_user["name"];
            //redirect
            header("Location:index.php");
        }
    }
}
                    echo '<script>showError("New password confirmation failed");</script>';
                } else {
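                    // Define $username and $password
                    $newPassword = $_POST['newPw'];
                    $oldPassword = $_POST['oldPw'];
                    $confNewPassword = $_POST['confNewPw'];
                    // To protect MySQL injection for Security purpose
                    // NOTE(review): escaping the passwords *before* hashing means a
                    // password containing a quote or backslash is hashed in its escaped
                    // form, and mysql_real_escape_string() returns false (-> md5(''))
                    // when no MySQL connection is open. Kept as-is because the stored
                    // hashes were presumably produced the same way; fix both sides
                    // together (and bind parameters instead of escaping).
                    $newPassword = stripslashes($newPassword);
                    $oldPassword = stripslashes($oldPassword);
                    $confNewPassword = stripslashes($confNewPassword);
                    $newPassword = mysql_real_escape_string($newPassword);
                    $oldPassword = mysql_real_escape_string($oldPassword);
                    $confNewPassword = mysql_real_escape_string($confNewPassword);
                    $arr = getPassword($login_session);
                    $existingPw = $arr["password"];
                    //hash using md5 enryption
                    // NOTE(review): unsalted MD5 is not an acceptable password hash;
                    // migrate to password_hash()/password_verify(), which requires
                    // changing the stored format and everything that reads it.
                    $hashedOldPassword = md5($oldPassword);
                    // Strict comparison: with `==`, two hex digests of the form
                    // "0e<digits>" compare as equal numeric strings, so a "magic" MD5
                    // value would be accepted as the old password.
                    if ($existingPw === $hashedOldPassword) {
                        $hashedNewPassword = md5($newPassword);
                        //set the new password
                        setPassword($login_session, $hashedNewPassword);
                        echo '<script>showSuccess("Password successfully changed");</script>';
                        echo '<script type="text/javascript">var myVar = setTimeout(function () {reDirect()}, 3000);</script>';
                    } else {
                        echo '<script>showError("Old Password is incorrect!");</script>';
                    }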
                }
            }
        }
    }
}
 /**
  * Zero-argument constructor that initialises name, username and password
  * through the corresponding setters, each called without arguments.
  *
  * NOTE(review): these are bare function calls, so they bind to *global*
  * functions, not to methods of this class. If setName()/setUsername()/
  * setPassword() are meant to be this class's setters they need `$this->`
  * (and arguments) — confirm against the class body, which is not visible here.
  */
 function __construct()
 {
     setName();
     setUsername();
     setPassword();
 }
 /**
  * Initialises the account from its three mandatory attributes.
  *
  * NOTE(review): setUsername()/setPassword()/setEmail() are called as global
  * functions here rather than `$this->setUsername(...)` etc.; if they are this
  * class's setters the instance is never populated. Confirm against the class
  * body, which is not visible here.
  *
  * @param mixed $username handed to setUsername() unchanged
  * @param mixed $password handed to setPassword() unchanged — whether it is
  *                        hashed there is not visible from this method
  * @param mixed $email    handed to setEmail() unchanged
  */
 public function __construct($username, $password, $email)
 {
     setUsername($username);
     setPassword($password);
     setEmail($email);
 }
    } else {
        if (setLastName($userid, $newlastname)) {
            setInfo('Nachname wurde gespeichert!');
        } else {
            setError('Fehler beim speichern des Nachnamen!');
        }
    }
    header("location: {$SETTINGS['url']}/user/{$userid}");
    exit;
}
// Password change for the user being edited ($userid is set earlier in the
// file). Only a minimum length (after trim) is enforced here; whether the
// value is hashed is up to setPassword().
// NOTE(review): no confirmation field, no current-password check and no CSRF
// token are visible in this block — confirm they exist in the caller.
if (isset($_POST['password'])) {
    $password = $_POST['password'];
    if (strlen(trim($password)) < 5) {
        setError('Passwort zu kurz!');
    } elseif (setPassword($userid, $password)) {
        setInfo('Passwort gespeichert!');
    } else {
        setError('Fehler beim speichern des Passwortes!');
    }
    header("location: {$SETTINGS['url']}/user/{$userid}");
    exit;
}
if (isset($_POST['delete']) && isset($_POST['code'])) {
    $code = $_POST['code'];
    if ($code == $_SESSION['deletecode']) {
        $code = sha1(rand());
        $_SESSION['deletecode'] = $code;
        header("location: {$SETTINGS['url']}/user/{$userid}/{$code}");
        exit;
/**
 * Hash a new password with SHA-256 (lowercase hex digest) and store it via
 * setPassword().
 *
 * NOTE(review): a single unsalted SHA-256 round is not a suitable password
 * hash (fast, no salt, precomputation-friendly). Moving to password_hash() /
 * password_verify() also requires changing whatever verifies this column.
 *
 * @param string $nick        account to update, passed through to setPassword()
 * @param string $newPassword clear-text password chosen by the user
 * @return mixed whatever setPassword() returns
 */
function changePassword($nick, $newPassword)
{
    $digest = hash('sha256', $newPassword);
    return setPassword($nick, $digest);
}
/**
 * Regenerate the password for the admin row identified by a lost-password
 * key and e-mail it to that row's address.
 *
 * Exactly one matching row is required; the key is cleared once the new
 * password is stored, so it cannot be replayed.
 *
 * NOTE(review): the key's age (uniqkey_time) is not checked here — confirm
 * the caller validates it first. The new password travels in clear text in
 * the mail by design of this flow.
 *
 * @param string $uniqkey lost-password key from the reset link
 * @return bool true when a row matched and the mail was handed to mail(),
 *              false when no single row matched
 */
function sendpassword($uniqkey)
{
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');
    $query = "\n\t\tSELECT\n\t\t\t`admin_name`, `created_by`, `fname`, `lname`, `email`\n\t\tFROM\n\t\t\t`admin`\n\t\tWHERE\n\t\t\t`uniqkey` = ?\n\t";
    $res = exec_query($sql, $query, $uniqkey);
    if ($res->recordCount() != 1) {
        return false;
    }
    $row = $res->fields;
    $upass = passgen();
    setPassword($uniqkey, $upass);
    // NOTE(review): the next line is not valid PHP as shown ('…'******'…');
    // the upstream presumably concatenates the admin name here — confirm
    // against the original file.
    write_log('Lostpassword: '******': password updated');
    // Invalidate the key now that it has been consumed.
    $query = "\n\t\t\tUPDATE\n\t\t\t\t`admin`\n\t\t\tSET\n\t\t\t\t`uniqkey` = ?,\n\t\t\t\t`uniqkey_time` = ?\n\t\t\tWHERE\n\t\t\t\t`uniqkey` = ?\n\t\t";
    exec_query($sql, $query, array('', '', $uniqkey));
    // The mail template belongs to the creator; rows without one use account 1.
    $templateOwner = $row['created_by'];
    if ($templateOwner == 0) {
        $templateOwner = 1;
    }
    $data = get_lostpassword_password_email($templateOwner);
    $from = $data['sender_name']
        ? '"' . $data['sender_name'] . '" <' . $data['sender_email'] . '>'
        : $data['sender_email'];
    // Substitutions are applied in this order, sequentially (str_replace semantics).
    $placeholders = array(
        '{USERNAME}' => $row['admin_name'],
        '{NAME}' => $row['fname'] . " " . $row['lname'],
        '{PASSWORD}' => $upass,
        '{BASE_SERVER_VHOST}' => $cfg->BASE_SERVER_VHOST,
        '{BASE_SERVER_VHOST_PREFIX}' => $cfg->BASE_SERVER_VHOST_PREFIX,
    );
    $subject = str_replace(array_keys($placeholders), array_values($placeholders), $data['subject']);
    $message = str_replace(array_keys($placeholders), array_values($placeholders), $data['message']);
    $headers = 'From: ' . $from . "\n"
        . "MIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8\nContent-Transfer-Encoding: 7bit\n"
        . 'X-Mailer: EasySCP lostpassword mailer';
    $to = $row['email'];
    $mail_status = mail($to, $subject, $message, $headers) ? 'OK' : 'NOT OK';
    $from = tohtml($from);
    write_log("Lostpassword activated: To: |{$to}|, From: |{$from}|, Status: |{$mail_status}| !", E_USER_NOTICE);
    return true;
}
// ----------------------------------------------------------------------------
// POST handling: delete, password change or profile edit for a single user.
// ----------------------------------------------------------------------------
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Editors may only act on their own account and can never change a role:
    // the username is overwritten with the logged-in one and 'role' is dropped
    // before any of the handlers below sees the request.
    if ($Login->role() !== 'admin') {
        $_POST['username'] = $Login->username();
        unset($_POST['role']);
    }

    $wantsDeleteAll = isset($_POST['delete-user-all']);
    $wantsDeleteAssociate = isset($_POST['delete-user-associate']);
    $wantsPasswordChange = !empty($_POST['new-password']) && !empty($_POST['confirm-password']);

    if ($wantsDeleteAll || $wantsDeleteAssociate) {
        // Second argument mirrors which delete button was pressed
        // ('delete-user-all' wins when both are present).
        deleteUser($_POST, $wantsDeleteAll);
    } elseif ($wantsPasswordChange) {
        // Both password fields must be non-empty; a half-filled pair falls
        // through to editUser() like any other edit.
        setPassword($_POST['username'], $_POST['new-password'], $_POST['confirm-password']);
    } else {
        editUser($_POST);
    }
}

// ----------------------------------------------------------------------------
// Main after POST
// ----------------------------------------------------------------------------
// Non-admins always see their own record, whatever parameter was requested.
if ($Login->role() !== 'admin') {
    $layout['parameters'] = $Login->username();
}
$_user = $dbUsers->getDb($layout['parameters']);
if ($_user === false) {
    // Unknown user: back to the users list.
    // NOTE(review): assumes Redirect::page() terminates the request — confirm,
    // otherwise the rest of the page runs with $_user === false.
    Redirect::page('admin', 'users');
}
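/**
 * Trim and SQL-quote the free-text user fields coming from the form.
 *
 * Shared by the 'actua' and 'alta' branches of admin_users(). The password is
 * only trimmed (it is hashed later by setPassword()); apellido/nombres/mail/orga
 * are quoted with $DB->qstr() so they can be embedded in the UPDATE/INSERT text.
 *
 * @param array  $fields associative array produced by doArrayDatosUser($_POST)
 * @param object $DB     database connection object providing qstr()
 * @return array same keys; pass trimmed, the four text fields trimmed and quoted
 */
function admin_users_prepare_fields($fields, $DB)
{
    // get_magic_quotes_gpc() was removed in PHP 8; treat it as "off" there.
    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $fields['pass'] = trim(isset($fields['pass']) ? $fields['pass'] : '');
    foreach (array('apellido', 'nombres', 'mail', 'orga') as $key) {
        $value = isset($fields[$key]) ? $fields[$key] : '';
        $fields[$key] = $DB->qstr(trim($value), $magicQuotes);
    }
    return $fields;
}

/**
 * Administer a user record: 'actua' updates an existing user, 'estado' changes
 * its active flag, 'alta' inserts a new one. Form data is read from $_POST via
 * doArrayDatosUser(); any other $do is a no-op.
 *
 * "Last active admin" rule: when the target user is an admin (nivel '1') and the
 * number of active admins is exactly one, the record is forced to stay admin and
 * active so the installation can never lose its last administrator.
 *
 * The SQL text is built by interpolation: form values go through $DB->qstr(),
 * nivel/estado are whitelisted to fixed literals, uid comes from the session and
 * the target id from ARRAYdatosUser() (only called for a numeric $user_id).
 *
 * @param string     $do      one of 'actua', 'estado', 'alta'
 * @param int|string $user_id id of the record to act on; ignored for 'alta'
 * @return int|string the id acted on, or for 'alta' the value returned in
 *                    $sql['cant'] by SQLo() (presumably the new row id)
 */
function admin_users($do, $user_id = "")
{
    global $DBCFG;
    global $DB;
    $userId = $_SESSION[$_SESSION["CFGURL"]]['ssuser_id'];

    $arrayUserData = array();
    $isLastActiveAdmin = false;
    if (is_numeric($user_id)) {
        $arrayUserData = ARRAYdatosUser($user_id);
        if (isset($arrayUserData['nivel']) && $arrayUserData['nivel'] == '1') {
            // Count active admins; a result of exactly one means this user is the last.
            $sqlCheckAdmin = SQL("select", "count(*) as cant from {$DBCFG['DBprefix']}usuario where nivel='1' and estado='ACTIVO'");
            $arrayCheckAdmin = $sqlCheckAdmin->FetchRow();
            $isLastActiveAdmin = isset($arrayCheckAdmin['cant']) && $arrayCheckAdmin['cant'] == '1';
        }
    }
    // Id of the row being updated; empty when no record was loaded.
    $targetId = isset($arrayUserData['user_id']) ? $arrayUserData['user_id'] : '';

    switch ($do) {
        case 'actua':
            $POSTarrayUser = admin_users_prepare_fields(doArrayDatosUser($_POST), $DB);
            // Normalise the admin flag to '1'/'2'; the last active admin cannot be demoted.
            $nivel = (isset($POSTarrayUser['isAdmin']) && $POSTarrayUser['isAdmin'] == '1') ? '1' : '2';
            if ($isLastActiveAdmin) {
                $nivel = '1';
            }
            // Normalise the active flag; the last active admin cannot be deactivated.
            $POSTarrayUser['status'] = (isset($POSTarrayUser['isAlive']) && $POSTarrayUser['isAlive'] == 'ACTIVO') ? 'ACTIVO' : 'BAJA';
            if ($POSTarrayUser['status'] == 'BAJA' && $isLastActiveAdmin) {
                $POSTarrayUser['status'] = 'ACTIVO';
            }
            SQL("update", "{$DBCFG['DBprefix']}usuario\r\n\t\t\tSET apellido={$POSTarrayUser['apellido']},\r\n\t\t\tnombres= {$POSTarrayUser['nombres']},\r\n\t\t\tmail={$POSTarrayUser['mail']},\r\n\t\t\tuid='{$userId}',\r\n\t\t\torga= {$POSTarrayUser['orga']}\r\n\t\t\tWHERE id= '{$targetId}'");
            // An empty password field means "keep the current password".
            if (strlen($POSTarrayUser['pass']) > 0) {
                setPassword($targetId, $POSTarrayUser['pass'], CFG_HASH_PASS);
            }
            // Only an admin session may change role and active state.
            if ($_SESSION[$_SESSION["CFGURL"]]["ssuser_nivel"] == '1') {
                SQL("update", "{$DBCFG['DBprefix']}usuario\r\n\t\t\t\tSET estado='{$POSTarrayUser['status']}',\r\n\t\t\t\tnivel='{$nivel}',\r\n\t\t\t\tuid='{$userId}',\r\n\t\t\t\thasta=now()\r\n\t\t\t\tWHERE id='{$targetId}'");
            }
            break;

        case 'estado':
            // NOTE(review): $POSTarrayUser is never assigned on this path (only the
            // 'actua'/'alta' branches set it), so the status always resolves to
            // 'BAJA'. Behaviour kept, undefined read guarded — if a form-driven
            // toggle was intended, read doArrayDatosUser($_POST) here. TODO confirm.
            $new_estado = (isset($POSTarrayUser['status']) && $POSTarrayUser['status'] == 'ACTIVO') ? 'ACTIVO' : 'BAJA';
            if ($new_estado == 'BAJA' && $isLastActiveAdmin) {
                $new_estado = 'ACTIVO';
            }
            SQL("update", "{$DBCFG['DBprefix']}usuario\r\n\t\t\tSET estado='{$new_estado}',\r\n\t\t\tuid='{$userId}',\r\n\t\t\thasta=now()\r\n\t\t\tWHERE id='{$targetId}'\r\n\t\t\t");
            break;

        case 'alta':
            $POSTarrayUser = admin_users_prepare_fields(doArrayDatosUser($_POST), $DB);
            $nivel = (isset($POSTarrayUser['isAdmin']) && $POSTarrayUser['isAdmin'] == '1') ? '1' : '2';
            $sql = SQLo("insert", "into {$DBCFG['DBprefix']}usuario\r\n\t\t\t(apellido, nombres, uid, cuando, mail,  orga, nivel, estado, hasta)\r\n\t\t\tVALUES\r\n\t\t\t({$POSTarrayUser['apellido']}, {$POSTarrayUser['nombres']}, ?, now(), {$POSTarrayUser['mail']}, {$POSTarrayUser['orga']}, ?, 'ACTIVO', now())", array($userId, $nivel));
            $user_id = $sql['cant'];
            // A new user always gets the submitted password, even if it is empty.
            setPassword($user_id, $POSTarrayUser['pass'], CFG_HASH_PASS);
            break;
    }
    return $user_id;
}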
/**
 * Generate a fresh random password for a user, store it and mail it to the
 * address on file.
 *
 * The new password is sent in clear text in the mail body, so whoever can read
 * that mailbox (or the transport) can use it.
 *
 * @param array $ARRAYuser user record with at least 'user_id' and 'mail'
 * @return array{result: bool, msg: string} 'result' mirrors sendMail()'s
 *         truthiness, 'msg' is the matching t3_messages() text
 */
function reset_password($ARRAYuser)
{
    $newPassword = wp_generate_password(12, false);
    setPassword($ARRAYuser["user_id"], $newPassword, CFG_HASH_PASS);

    // Paragraphs are separated by a blank line; the login URL ends the body.
    $body = implode("\r\n\r\n", array(
        LABEL_mail_pass1 . ' ' . $ARRAYuser["mail"],
        LABEL_mail_pass2 . ' ' . $newPassword,
        LABEL_mail_pass3,
        currentBasePage($_SESSION["CFGURL"]) . 'login.php' . "\r\n",
    ));
    $title = sprintf('[%s] ' . LABEL_mail_passTitle, $_SESSION["CFGTitulo"]);

    $sent = (bool) sendMail($ARRAYuser["mail"], $title, $body);
    $msgKey = $sent ? "mailOK" : "mailFail";
    return array("result" => $sent, "msg" => t3_messages($msgKey));
}
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>		
	<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=utf-8" />
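<?php
// Password-change handler: the page body echoes a one-word status for the
// embedding frame (see the script at the bottom).
// Full open tag instead of the short "<?" form: with short_open_tag disabled
// the short form is not parsed and the PHP source is served as page text.
include '../functions.inc';

// Read the form fields without undefined-index notices; a missing field is ''.
// NOTE(review): $_REQUEST also accepts query-string and cookie values, so the
// passwords may arrive via GET and end up in server/proxy logs — consider
// reading $_POST only, if the submitting form uses POST.
$oldPassword = isset($_REQUEST['oldPassword']) ? $_REQUEST['oldPassword'] : '';
$newPassword = isset($_REQUEST['newPassword']) ? $_REQUEST['newPassword'] : '';
?>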
</head>
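<?php
// Full open tag for the same reason as above: "<?" depends on short_open_tag.
// setPassword() is defined in ../functions.inc (not visible here); its return
// value is compared loosely by the switch, so 1, '1' and true all mean "changed".
// NOTE(review): sha1() is an unsalted fast hash; it is what setPassword() appears
// to expect, so it is kept — stronger storage means changing both sides together.
// NOTE(review): trim() is applied to the digest (a no-op), not to $newPassword,
// so surrounding whitespace in the new password is hashed as typed — TODO confirm.
$result = setPassword(trim($oldPassword), trim(sha1($newPassword)));
switch ($result) {
	case '1':
		echo "changed";
		break;
	case '0':
		echo "not changed";
		break;
	case 'error':
		echo "error";
		break;
	default:
		echo "default";
		break;
	}
?>	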
<script type="text/javascript" charset="utf-8">
	parent.Mediabox.closerefresh();